I am building a profile pictures system and for some reason my table doesn't seem to be working with the MYSQL UPDATE query. Below you should just select your image and click upload, it moves the image to the folder but not the directory to the database.
Help please:
if (file_exists("userdata/profile_pics/".#$_FILES["profilepic"]["name"]))
{
echo #$_FILES["profilepic"]["name"]." Already exists";
}
else
{
move_uploaded_file(#$_FILES["profilepic"]["tmp_name"],"userdata/profile_pics/".$_FILES["profilepic"]["name"]);
echo "Uploaded and stored in: userdata/profile_pics/".#$_FILES["profilepic"]["name"];
$profile_pic_name = #$_FILES["profilepic"]["name"];
$profile_pic_query = mysql_query("UPDATE users SET profile_pic='$profile_pic_name' WHERE username={$_SESSION['user_login']}");
}
}
else
{
echo "Invailid File! Your image must be no larger than 1MB and it must be either a .jpg, .jpeg, .png or .gif";
}
}
Try this: add quote to the username variable
$username = $_SESSION['user_login'];
"...WHERE username='$username'";
try session variable put into quotes username='".$_SESSION['user_login']."'
Related
if(isset($_POST['submit']) and isset($_GET['slider_id']))
{
$date=date('Y-m-j');
$imgName=$_FILES['image']['name'];
$cont=file_get_contents($imgName);
$cont=addslashes($cont);
if($imgName=="")
{
//$imgData =addslashes(file_get_contents($_FILES['image']['name']));
$res=mysqli_query($connect,'UPDATE `slider_images` SET `image`=\''.$cont.'\' WHERE id=\''.$_GET['slider_id'].'\'');
if($res)
{
echo "Updated";
}
else
{
echo "Not Updated";
}
}
}
Not understanding the real issue behind this and i have refereed many solution's but no success in that.All solution's i found they tell to store images in folder and store the file name in database table.Reason behind storing images in database is, only 4 images are to be stored, so why not to store them in database. Please guide me through this issue. Following is the issue i am talking about.
Warning Message
Thank's in advance.
$_FILES['file']['name'] is the original name of the uploaded file from the user's computer.
$_FILES['file']['tmp_name'] will contain the temporary file name of the file on the server. This is just a temporary placeholder until you process the file.
So you should access the file like this:
$cont=file_get_contents($_FILES['image']['tmp_name']);
Sidenote: Instead of if($res){ ... } use mysqli_affected_rows() to get number of rows affected by this UPDATE query, like this:
mysqli_query($connect,"UPDATE `slider_images` SET `image`='".$cont."' WHERE id='".$_GET['slider_id']."'");
if(mysqli_affected_rows($connect)){
echo "Updated";
}else{
echo "Not Updated";
}
Here's the reference:
mysqli_affected_rows()
If I try to submit an image, the echo works. So i'll see "it works". But when I check my db, it is not inserted.
userId is a INT and foreign key to the id in another table and image is a BLOB.
code:
$userId = $_SESSION['id'];
if(isset($_POST['submit'])){
$imgName = $_FILES['image']['name'];
$imgData = $_FILES['image']['tmp_name'];
$getImgData = file_get_contents($imgData);
$imgType = $_FILES['image']['type'];
if(substr($imgType, 0,5) == "image"){
$query = "INSERT INTO projects (userId, image)
VALUES ('$userId', '$getImgData')";
$result = $db->query($query);
echo "it works!";
} else{
echo "only images are allowed";
}
}
?>
The echo works, but it won't insert. Please help with this, I've been stuck for hours now!
why insert the image in the db, just get the img path (upload folder) or name and insert it, in your code you can show your image by referencing it's path, except if you must insert it as blob you can refer to this posts
http://www.mysqltutorial.org/php-mysql-blob/
I am building a forum with php and MySQL and I want to append current time to each image that users upload for their profile. I used time() function on each image file uploaded and it worked for the image file but I have trouble inserting the new filename into the database. I wanted to give each image a unique name to prevent override.
OK here is what I did: I stored the current time as $time and the filename in a variable, $photo and I tried to insert that variable’s value using $photo .= $time into the database so it has the filename as I did with each uploaded image. However the original filename is inserted into the database in every attempt.
Any workarounds?
$image = $_FILES['photo']['name'];
$time = time();
$image .= $time;
delete the existing photo
delete(image_dir/$row['current_photo.jpg']);
//does not work, but i want something like that
if(move_uploaded_file($_FILES['photo']['tmp_name'], 'image_dir/$image') {
$query = "INSERT INTO profile (user_id, profile_photo) VALUES($id, $image)";
mysqli_query($dbc, $query);
if(mysqli_affected_rows($dbc) == 1) {
echo "added to the database!";
}else {
echo "failed to add photo to the database";
}
}else {
echo "failed to upload photo";
}
how can i give the uploaded image unique the name since the original image name gets inserted in the database in every try i make?
i know the code looks funny :). just want to show the logic.
If you need a unique id, you can use the uniqid function
$name=uniqid();
you may need to use
$filename=uniqid();
<?php
ini_set('display_errors', 'On');
error_reporting(E_ALL);
session_start();
if(!isset($_SESSION['user_id'])){
header('Location: login.php');
exit();
}
include('includes/db_connect.php');
$userid = $_SESSION['user_id'];
$sql = ("SELECT file_id FROM files WHERE user_id='$userid'");
$query = $db->query($sql);
if($query->num_rows ===1){
echo "Sorry you have already uploaded a file, to delete the current file and upload another please select retieve file from the homepage";
}else{
echo "you can upload a file";
}
?>
The above checks to see if the user has uploaded a file. It does this by seeing if their is a file with their user id. some reason the page is just blank when loaded.
include just hold the connection string
been looking at this for ages, help would be appreciated, thank you in advance
This line has a syntax error:
echo "Sorry you have already uploaded a file, to delete the current file and upload another please select retieve file from the homepage";
If you define a string with double quotes ("), you must escape all double quotes contained in the string.
Replace it with this:
echo "Sorry you have already uploaded a file, to delete the current file and upload another please select retieve file from the homepage";
I'm having issue uploading a BLOB into my MySQL database and get the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄ' at line 1
I know the error is resulting in the image's file contents but I can't figure out what's wrong with the syntax. Any suggestions? Thanks!
Here's the PHP:
$file = $_FILES['image']['tmp_name'];
// If there's no file selected when button is pressed, echo out and tell the user to select an image to upload
if (!isset($file))
echo "<p>Please select an image to upload.</p>";
else {
//mysql escape string
$image = file_get_contents($_FILES['image']['tmp_name']);
//and here
$image_name = $_FILES['image']['name'];
$imagesize = getimagesize($_FILES['image']['tmp_name']);
}
// Checks that the file being uploaded is an image, i.e. has a size attribute with height & width dimensions
if ($imagesize == FALSE)
echo "<p>Please upload only an image file such as .jpg or .png.</p>";
else {
$sql = "INSERT INTO design (id, caption, image) VALUES ('', '$image_name', '$image')";
$result = mysql_query($sql);
if (!$result)
echo "<p>Something went wrong.</p>" . mysql_error();
else {
echo "<p>Thank you for submitting your design.</p>";
}
}
Apparently the image file contents has an apostrophe in it. That's not that surprising. You need to properly escape the input (and all inputs for that matter).
$image = mysql_real_escape_string($_FILES['image']['tmp_name']);
Instead of using ext/mysql, you should use properly parameterized queries with mysqli or PDO. Then you don't have to escape explicitly.